summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorYi Zhao <yi.zhao@windriver.com>2019-10-14 14:43:15 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-10-29 09:08:17 +0000
commitcd24be7c47e59e92df365d65117126d07cdc0531 (patch)
tree92c3bc40daa4f054f32f40d9b7873546deb40487 /meta
parent78e173090b6a519d097193d14ae0cce7f101c7b9 (diff)
downloadpoky-cd24be7c47e59e92df365d65117126d07cdc0531.tar.gz
libsdl2: fix CVE-2019-13616
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-13616 Patch from: https://hg.libsdl.org/SDL/rev/e7ba650a643a (From OE-Core rev: 691f04965faf58d9d6323898478916ae306d046c) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 70b9cdf86b9c5ed14937500619387a890a57ef20) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch34
-rw-r--r--meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb1
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch b/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch
new file mode 100644
index 0000000000..674decccbb
--- /dev/null
+++ b/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch
@@ -0,0 +1,34 @@
1From 85138c1ec673e05263ae666baf61f79384daf7e0 Mon Sep 17 00:00:00 2001
2From: Sam Lantinga <slouken@libsdl.org>
3Date: Tue, 30 Jul 2019 11:00:00 -0700
4Subject: [PATCH] Fixed bug 4538 - validate image size when loading BMP files
5
6Upstream-Status: Backport
7[https://hg.libsdl.org/SDL/rev/e7ba650a643a]
8
9CVE: CVE-2019-13616
10
11Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
12---
13 src/video/SDL_bmp.c | 5 +++++
14 1 file changed, 5 insertions(+)
15
16diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c
17index 0b68918..a06b0c9 100644
18--- a/src/video/SDL_bmp.c
19+++ b/src/video/SDL_bmp.c
20@@ -226,6 +226,11 @@ SDL_LoadBMP_RW(SDL_RWops * src, int freesrc)
21 SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
22 }
23 }
24+ if (biWidth <= 0 || biHeight == 0) {
25+ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
26+ was_error = SDL_TRUE;
27+ goto done;
28+ }
29 if (biHeight < 0) {
30 topDown = SDL_TRUE;
31 biHeight = -biHeight;
32--
332.7.4
34
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
index 3a0654b866..cdc8650e17 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
@@ -14,6 +14,7 @@ PROVIDES = "virtual/libsdl2"
14 14
15SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \ 15SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
16 file://more-gen-depends.patch \ 16 file://more-gen-depends.patch \
17 file://0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch \
17" 18"
18 19
19S = "${WORKDIR}/SDL2-${PV}" 20S = "${WORKDIR}/SDL2-${PV}"